Changelog

Others

• cc605ac: Added shutdown group (#1732) (@mabbas007)
• b297f3a: Format pending countdown as MM:SS (#1727) (@phuonganh2601)
• af655d3: build(deps-dev): bump vite from 7.3.1 to 7.3.2 in /frontend (@dependabot[bot])
• 6df1205: update deps (@seriousm4x)

Github Actions

• aabd8c1: gh-action: bump dependabot/fetch-metadata from 2 to 3 (@dependabot[bot])
• 24e218b: gh-action: bump pnpm/action-setup from 5 to 6 (@dependabot[bot])

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.26

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.26

Changes

• implement time-clipped downloads (closes #969, replaces #907) (4f83174)
• title filter for subscriptions (closes #968) (91ee831)
• Bump aquasecurity/trivy-action in the github-actions group (d89a5dd)

1.5.1 (2026-04-25)

Features

• Stalwart: OAuth auto-setup with dialog and validation for origin and issuer URLs
• Mail: Right-click context menu on the folders sidebar
• Mail: Replace folder prompt() calls with a proper modal dialog
• Calendar: Add 'Today' button to the desktop calendar toolbar
• Junk: Setting to show avatars in the Junk folder

Fixes

• Admin: Restore admin panel after Stalwart v0.16 REST API removal
• Viewer: Restore broken viewer toolbar actions and improve the mobile menu (#220)
• Folders: Stop flicker on background folder refresh
• Email: Preserve search/filter on batch move and archive
• Email: Preserve search/filter when moving emails via drag-drop
• i18n: Improve Korean flag

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2026-03-08)

recent important news

• v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS)

🧪 new features

• #1410 #376 #1224 new option --glang to autoselect UI-translation based on webbrowser's language (thx @stackxp!) ec3e0e7
• #1407 #1384 option to automatically switch between list-view and grid-view depending on folder contents (thx @icxes!) 822fa71 660ed7a 961a273
• #1447 audioplayer can now play bcstm / bfstm / brstm files (nintendo 3ds/wii bgm) 3a9ff67
• #1389 add 1000-based filesize-units in addition to 1024-based 43773f2
• #1395 reloc-by-wark, a pair of hooks to rename incoming uploads to a hash of the file contents 1e7de5d
• option --rlo to change the logrotate-counter for -lo 8b98688
• add --certkey to specify certificate and key as separate files 8c7cdf8
  • but the built-in HTTPS server should still not be trusted
• config-files can now use OS environment-variables anywhere in the [global] config section cbd82b6 e52bbed
  • by default, only the syntax ${VAR} is supported, not $VAR or %VAR%
  • previously, a small handful of global-options already supported this (c lo hist dbpath ssl_log), but they also supported the $VAR syntax, which is no longer the case
  • if the old $VAR syntax is detected, copyparty will crash on startup, suggesting the following remedies (choose one!) in the log:
    1. update the config-value to the new ${VAR} syntax (recommended)
    2. allow the old syntax with global-option --env-expand 1 (risky)
    3. ignore the old syntax and only expand the new syntax with global-option --env-expand 2
    4. disable all environment-variable expansions with PRTY_NO_ENVEXPAND=1

🩹 bugfixes

• #1437 webdav clients can now PROPFIND a file with depth: infinite which at least webdav4 does e00f2b4
• #1392 navigating into a subfolder using a dks dirkey (default-disabled) could fail 228c3df
• #1446 #1330 #1362 fix some small edgecases with the rightclick-menu (thx @icxes!) 874e0e7
• #1403 #1396 audioplayer: fix ui-crash when folder contains an m3u-file and sort-order is changed during playback (thx @icxes!) 198f631
• #1428 #1427 when --magic was enabled, nameless uploads of textfiles would get the file-extension .ssa instead of .txt (thx @Scotsguy!) ed516dd
• #1449 on some filesystems, the tail/follow function would spam the log with reopened at byte XXX 8173018
• #1401 on windows, a spec-violating basic-upload could delay that upload by a few seconds 6fb1287
• on macOS, u2c would clear the terminal on exit, even with -ns 238887c
• audio-files in a videofile trenchcoat did not thumbnail correctly 1066dc3

🔧 other changes

• #1387 added gentoo packaging (thx @mid-kid!) fb5384f
• #1425 improved FreeBSD / OpenBSD support (thx @chilledfrogs!) f561318 745d82f
• #1352 new handler: fail2ban (thx @Lomaiin!) 26e663d
• improve errormessage when the server's OS-HDD blips out of existence d1517d0
• #1439 improve IPv6 autoban IP-range (thx @SnowSquire!) f6dc1e2
• ensure opus transcodes will at most have 2 audio channels (stereo) b31f290
• #1417 smb-server: probably add IPv6 support a5d859d
• --list-nics and --list-ips to show autodetected network-adapters and IPs 8d4363d
• docs:
  • nixos module-override example (thx @Scotsguy!) 0b16e87
  • make it even more obvious that --allow-csrf is a bad idea 9a724b0
  • mention --urlform get to disable message-to-serverlog ac05b4f
  • readme: improve shadowing phrasing 003c68d
  • devnotes: explain the vendored dependencies 971f8ef

🌠 fun facts

• this release includes code written at abs(unit)
  • btw that pdp had an IPv6 lease and browsed the internet :^)
    • hasn't connected to copyparty though (yet...)
• this release was powered by 一体いつから (TaKo Hardcore bootleg) followed by Fighting My Way (YUPPUN Hardcore Remix) (shd is a good dj)

💾 what to download?

• except for u2c.exe, all of the options above are mostly equivalent
• the zip and tar.gz files below are just source code
• python packages are available at PyPI

1.5.0 (2026-04-23)

Breaking Changes

• Self-service portal now needs Stalwart 0.16+: Stalwart dropped its self-service HTTP API in 0.16.0 and replaced it with JMAP. Bulwark Webmail only talks to the new JMAP endpoint, so the self-service portal (account settings, app passwords, API keys) requires Stalwart 0.16 or newer. STALWART_API_URL is deprecated, these actions go through the normal JMAP session.

Features

• Stalwart: Migrate Stalwart management API to JMAP x: methods for Stalwart 0.16
• Admin: Add API Keys management and IP allowlist for App Passwords
• Contacts: Revamp contact detail view with filters, photo, print, and duplicate actions
• Contacts: Add contact activity component showing recent emails and upcoming events
• Contacts: Add right-click context menu
• Contacts: Group contacts by first letter with sticky section headers, toggleable in settings
• Calendar: Support resizing events from the top edge
• Calendar: Add timezone-aware formatting for event start times and update utcEnd on duration change
• Calendar: Optimize layout of overlapping events
• Calendar: Add collapsible details to calendar invitation banner
• Email: Implement batch archiving and bulk moving of emails
• Email: Show full folder path in move/drop toast
• Settings: Reorganize settings into 6 groups with clearer tabs
• Navigation: Add account-addition button to the navigation rail
• Mobile: Streamline email viewer header layout
• Mobile: Pass isMobile through calendar views and time-grid interactions

Fixes

• Mailbox: Retry mailbox fetch on first login to handle lazy provisioning (#217)
• Mailbox: Use fresh state in archive handling to avoid stale mailbox data
• Mailbox: Improve error message on mailbox creation failure
• Auth: Skip checkAuth on route change when already authenticated
• Auth: Clean up unused imports and improve TOTP QR code rendering
• UI: Align hover styles and selection-toggle target with focused item
• UI: Read matchMedia synchronously on client to prevent layout flicker

Refactor

• Settings: Remove Stalwart API URL configuration (now derived via JMAP)

Chore

• i18n: Add missing translation keys
• Deps: Bump dependencies to latest compatible versions

Changelog

• 69901f9 Bump actions/download-artifact to v8
• f8e188a chore(deps): bump the dev-dependencies group with 11 updates
• 6f321fd chore(deps): bump the dev-dependencies group with 21 updates
• ccba8a5 chore(deps): bump the dev-dependencies group with 9 updates
• 2b918d5 chore: fix spellings and unused function args
• 0dc074a feat: add --socket-perm option for UNIX socket file permissions
• 14b0aab feat: add cli option to generate shell auto completion
• 53bbaf2 feat: add presigned URL generation in webui
• 545a9e9 feat: add server-side pagination for webui object explorer
• 41fc459 feat: history back/forward actions on explorer and modals
• fcb540e feat: in webui add bucket favorites and direct-navigation to explorer
• a673900 fix for multipart upload when using sidecar meta
• 873148a fix: add Host header to HTTP test requests for fasthttp v1.70.0 compatibility
• 8c49a33 fix: add explicit sidecar metadata cleanup on object/bucket deletion
• 9816c2f fix: add gcs compatibility flag to fix s3proxy GCS SigV4 signature mismatch
• 81f0158 fix: close temp file before rename in sidecar StoreAttribute
• d6fb954 fix: correct 206 Partial Content response status for ranged GetObject and HeadObject
• 48bfa9f fix: correct HeadObject restore status for offline objects in scoutfs
• 8e8fac6 fix: docker entrypoint move VGW_ARGS before backend subcommand
• b905554 fix: fix azure multipart upload objects masking
• b151d46 fix: fix webui port validation to allow unix socket paths
• 3529e1b fix: in webui use AWS SigV4-compliant URI encoding for path and query params
• 62e8cdd fix: make CompleteMultipartUpload idempotent and add part-number support to GetObject/HeadObject
• b473aa0 fix: move versionId validation to backend
• 5ff1c4b fix: use encodeS3Key in webui instead of encodeURIComponent in createFolder

5.43.0 (2026-04-22)

🚀 New feature

• core/*: introduce strapi.ai namespace (#25886)
• i18n: complete Dutch (nl) translations for admin panel (#25932)

🔥 Bug fix

• date picker sends date-only format to avoid deprecation warning (1508d5d8f3)
• bulk publish validation on required components in dz (#25687)
• use admin basename for 401 redirect path (#25458)
• auth providers generate unique username on conflict (#23853)
• webpack public path was missing a slash at the end (#22654)
• handle potential null userPermissions in Protect component (#24444)
• admin: add cursor pointer and fix click behavior on sortable table headers (#25418)
• admin: eliminate several browser race conditions (#26020)
• content-manager: blocks editor errors when image has formats: null (#26015)
• content-manager: use RBAC-aware populate in countDraftRelations (#25977)
• content-manager: don't allow locale to overwrite list view settings (#25437)
• content-manager: render ID column without number grouping (#25996)
• content-manager: apply i18n translations to dynamic zone component names (#25417)
• data-transfer: fix large transfer crashes; show transfer progress (#23479)
• upload: content-api does not return signed urls (#26034)
• upload-aws-s3: support root-level credentials and update AWS SDK (#25914)

⚙️ Chore

• update main README content (#25618)
• data-transfer: isIgnoredContentType helper for filtering (#26004)
• deps: bump undici from 6.24.1 to 6.25.0 (#26022)
• deps: bump follow-redirects from 1.15.11 to 1.16.0 (#26025)

💅 Enhancement

• strapi dev continue watching on build error (#25514)
• add list & delete admin user cli commands (#23022)
• data-transfer: improve progress UX (#25921)

🚨 Security

• upgrade to axios 1.15.1 (#26072)

❤️ Thank You

• Adrien L @Adzouz
• Akash Santra @Akash504-ai
• Bellian @Bellian
• Ben Irvin @innerdvations
• Benedikt Rötsch @axe312ger
• DMehaffy @derrickmehaffy
• Jamie Howard @jhoward1994
• Jan Willem Keizer @janwillemkeizer
• Jayesh Patel @itsmejay80
• Jesús Villar @Callm3thebreeze
• kdt523 @kdt523
• Marian Vonsien @mvo-zyres
• markkaylor @markkaylor
• Nico André @nclsndr
• Nikola Dinevski @ndinevski
• Paul Bratslavsky @PaulBratslavsky
• Schero D. @Schero94
• Simen @Eventyret
• Varun Chawla @veeceey

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.21

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.21

Changes

• upgrade dependencies (abb9492)
• cr fixes (23de982)
• Updated import and fixed race condition (0ea934c)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.18

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.18

Changes

• fix yt-dlp options overrides (closes #958) (e9f979b)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.16

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.16

Changes

• upgrade dependencies (ab42325)
• fix PUBLIC_HOST_URL without a trailing slash (closes #959) (1a32eba)
• don't run workflow on README changes (29ccc42)
• add more CORS details (f2d71cb)

1.4.14 (2026-04-16)

Thank you for your donations:

• You? Become a sponsor!

One-time

• @mkorthaus-private
• @boris22100

Monthly

• @pr0ton11

Features

• Email: Add unified mailbox across accounts and sidebar icons toggle
• Email: Enhance email deletion and spam handling with improved parameterization
• Sieve: Enhance external rule handling in parser and store (#201)
• Plugins: Add i18n API, render hooks, and new intercept hooks to plugin system
• PWA: Dynamic PWA manifest with configurable name, description, and icons
• PWA: Show app name and logo in install prompt
• i18n: Add Ukrainian language with flags and missing translation keys
• i18n: Configurable locale prefix via NEXT_PUBLIC_LOCALE_PREFIX
• API: Add apiFetch helper for mount-prefix-aware API calls

Fixes

• Calendar: Send iMIP invitation emails when creating or updating calendar events (#192)
• Calendar: RFC 5545/6047 compliance for outgoing iMIP calendar emails
• Calendar: Add calendarAddress and replyTo to participants for Stalwart compatibility (#189, #192)
• Calendar: Improve CalDAV task detection for external clients like Thunderbird (#84)
• Email: Hide ICS attachments from attachment list when invitation banner is shown
• Email: Send before storing in Sent via onSuccessUpdateEmail (#188)
• Email: Standardize tag naming and fix unknown keyword display (#184, #185)
• i18n: Skip intl middleware for paths already containing a locale prefix
• Docs: Document PWA and branding env vars in .env.example
• Docs: Use company consistently in .env.example branding comments

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.13

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.13

Changes

• fix asterisk CORS_ALLOWED_ORIGINS, mentioned in #955 (03f71fd)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.12

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.12

Changes

• fix pnpm build (210c607)
• Bump softprops/action-gh-release from 2 to 3 in the github-actions group (3818969)
• fix yt-dlp options examples (4330d3b)
• update documentation (06c4a2c)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.10

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.10

Changes

• document CORS_ALLOWED_ORIGINS variable (aa60420)
• Don't mark live streams as seen (a6e8617)
• Fix permissive CORS policy that allows cross-origin attacks (0072d34)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.09

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.09

Changes

• upgrade dependencies (0b3645a)
• fix: handle playlists that don't supply video ids (d38d7bd)
• Bump astral-sh/setup-uv from 6 to 7 in the github-actions group (b7709d3)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.05

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.05

Changes

• fix: parse string boolean values when updating subscriptions (373692a)
• explain yt-dlp configuration in detail (54680c4)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.04

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.04

Changes

• change option presets to be multi-select (dd0f98d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.03

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.03

Changes

• finalize custom options (closes #563, #482, #261, #681) (d41bdf6)
• Keep override controls on dedicated row (a02abf5)
• Fix frontend test typing for override flag (b16e597)
• Gate manual yt-dlp overrides behind flag (6e9b2dd)
• feat: add per-download yt-dlp presets and overrides (565a715)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.02

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.02

Changes

• update README (0cba61c)
• Add clarifying comments for n_entries and __last_playlist_index fields (closes #692) (d7eaaaa)
• Use PORT env variable in Dockerfile HEALTHCHECK instead of hardcoded 8081 (771ba52)
• Initial plan (1cc27d3)
• Propagate missing playlist context fields (playlist_count, playlist_autonumber, n_entries, __last_playlist_index) (981e6c1)
• Add explanatory comment for fake STR_FORMAT_RE_TMPL key group in tests (b17e1e5)
• Replace custom template substitution with yt-dlp's evaluate_outtmpl (c1b5540)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.01

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.01

Changes

• add subscriptions; change persistence file format to JSON (closes #901, #76, #113, #170, #242, #444, #503, #555, #566) (483575d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.03.21

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.03.21

Changes

• fix pickle (closes #814) (84c6418)

Part-DB 2.10.0

Changes

• Frontend building now requires at least nodejs 22.
• For security hardening reasons Part-DB's generic web provider and the attachment download feature cannot download from local network IPs to avoid SSRF attacks. If you require internal attachment download, you can enable it via an env option.

New features

• Make format06 barcode checking more resiliant for non-standard conform labels and scanners by @mkne in #1321
• Implement parsing of TME QR codes by @alufers in #1324
• Ignore public/.well-known folder by @klausman in #1335
• Enable BOM sorting on part fields (Storage location, Manufacturing status) @mkne in #1338
• Allow to create custom kicad symbol/footprint autocomplete lists @DanTrackpaw in #1342
• Add price columns to project BOM table and build price summary by @MayNiklas in #1345
• Allow to sort by numeric value with SI prefix. This is realized via a separate optional column @wschopohl in #1344

Bugfixes

• Fix creating parts from TME if the SPN contains percent signs by @alufers in #1337

Miscellaneous

• Updated dependencies
• Updated translations
• Updated kicad symbols
• Improved documentation

New Contributors

• @alufers made their first contribution in #1324
• @klausman made their first contribution in #1335
• @DanTrackpaw made their first contribution in #1342
• @wschopohl made their first contribution in #1344

Full Changelog: v2.9.1...v2.10.0

✨ New Features & Improvements

• @directus/app
  • Replaced "All Users" tab with Active, Suspended, and Invited status tabs (#27036 by @robluton)
  • Added Save as New File option to image editor (#27084 by @JamesW1)
• @directus/api
  • Added a new /ai/object endpoint to generate structured objects for autocomplete and other inline experiences (#26862 by @bryantgillespie)
• @directus/composables
  • Eliminated redundant count requests in the useItems composable (#26906 by @okxint)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed export failing on collections with virtual fields like $thumbnail by excluding them from export defaults and the field picker (#27073 by @om-singh-D)
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Fix "Use named routes instead of hardcoded path strings #26733" (#26809 by @powerseed)
  • Fixed VBadge intercepting pointer events on slotted elements (#27087 by @HZooly)
  • Fixed comparison modal footer responsive breakpoint (#27061 by @robluton)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
• @directus/api
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
  • Trimmed leading and trailing spaces from search queries (#27089 by @robluton)
  • Fixed promotion of deleted relation returning invalid date time value error (#27040 by @gaetansenn)
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
  • Fixed MARKETPLACE_REGISTRY env not being passed to registry list call when generating extension settings (#27076 by @gaetansenn)
  • Replaced INTERNAL_SERVER_ERROR with SERVICE_UNAVAILABLE for marketplace registry errors and improved error messages. (#26937 by @eric-pennecot)
• @directus/schema
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
• @directus/themes
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
• @directus/types
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)

📦 Published Versions

• @directus/app@15.9.0
• @directus/api@35.1.0
• @directus/composables@11.4.0
• create-directus-extension@11.0.35
• @directus/extensions@3.0.24
• @directus/extensions-registry@3.0.25
• @directus/extensions-sdk@17.1.3
• @directus/schema@13.0.8
• @directus/schema-builder@0.0.19
• @directus/themes@1.3.2
• @directus/types@15.0.2

5.42.1 (2026-04-15)

🔥 Bug fix

• typo in Russian translation for upload button (#25946)
• fixed 9 typos, spelling errors, and duplicate words. (#25936)
• skip form onChange when markdown updates come from setValue (#25955)
• adjust typo in test (#25960)
• update snapshot (9b2501ceeb)
• increase test timeout (f50134dbae)
• preserve relations in fill from another locale (#25703)
• enable save button when re-ordering components or dynamic zones (#25959)
• made changes to resolve Firefox timepicker issue (#25129, #25438)
• admin: batch content manager permission checks and reuse session ability (#25911)
• core: add firstPublishedAt field to draft (#25947)
• document-service: preserve relations during publish (#25909)
• tests: type errors cause build to fail which cause tests to fail (072ad0d801)
• upload: cache busting for cross-origin images in crop (#25950)
• upload-aws-s3: trust S3 response Location URL for compatible providers (#25939)

⚙️ Chore

• fix typos in comments and docs (12dfbe97c9)
• adding finnish translation to Strapi Admin (#25620)
• fix typos in comments and docs (91407798c4)
• update Polish language translations (#23762)
• deps: bump lodash from 4.17.23 to 4.18.1 (#25919)
• deps: bump lodash-es from 4.17.23 to 4.18.1 (#25906)
• deps: bump nodemailer from 8.0.4 to 8.0.5 (#25963)
• deps: bump axios from 1.13.5 to 1.15.0 (#25980)
• deps: bump path-to-regexp from 8.4.1 to 8.4.2 (#25901)
• examples: delete config.server.url to restore port override capability (#26011)

❤️ Thank You

• Adrien L @Adzouz
• akash-dabhi-qed @akash-dabhi-qed
• Antti Tuppurainen
• Bassel Kanso @Bassel17
• Jamie Howard @jhoward1994
• Mark Kaylor @markkaylor
• mathildeleg @mathildeleg
• Michał Kleszczyński @Magiczne
• Nico André @nclsndr
• Shalabh Gupta @coding-shalabh
• Tony @tonytkachenko
• Yohaan Narayanan @yohaann196
• Yohei Yamamoto @NAM-MAN

1.4.13 (2026-04-12)

Thank you for your donations:

One-time

• @boris22100
• @mkorthaus-private

Monthly

• You? Become a sponsor!

Features

• Contacts: Store trusted senders in a dedicated JMAP address book (#176)
• Email: Warn on send when attachment keyword found but no file attached (#172)
• Email: Enable keyword reordering (#174) and multi-tag support per email (#173)
• PWA: Add "don't remind me again" option to install prompt
• Auth: Add SESSION_SECRET_FILE and OAUTH_CLIENT_SECRET_FILE environment variable support
• Plugins: Add onAvatarResolve plugin hook
• Docker: Publish main and dev branches as separate GHCR packages

Fixes

• Email: Style links in plain text emails
• Email: Seed list history entry when app initializes on an email view
• Email: Remount composer on draft edit and preserve identity (#60)
• Contacts: Display contact names stored in name.full (#179)
• Contacts: Fix category dropdown blocking Save button in contact form (#177)
• Contacts: Resolve TS error from optional name.components in vCard parser
• Search: Search all folders when filtering emails by tag (#175)
• Auth: Include mount prefix in SSO redirect URI when app is served under a subpath
• PWA: Correct PWA icons with proper sizing, transparency, and dark/light mode support

1.4.12 (2026-04-09)

Thank you for your donations:

One-time

• @mkorthaus-private

Monthly

• You? Become a sponsor!

Features

• PWA: Add PWA support with service worker and install prompt
• Calendar: Add birthday calendar feature with settings and localization
• Calendar: Clamp February 29 birthdays in non-leap years
• Identity: Add automatic identity synchronization (#167)
• Plugins: Disable plugins by default and require admin approval
• Plugins: Replace auth header exposure with a secure HTTP proxy API for plugins
• Auth: Add configurable OAuth scopes and cookie security via environment variables
• Email: Sync mail view to browser history for back/forward navigation
• Contacts: Add ability to rename address books (#152)
• UI: Add version badge in settings
• i18n: Add Latvian (lv) locale support
• i18n: Add Polish language support
• i18n: Add Korean language support
• i18n: Add Simplified Chinese (zh_CN) locale support

Fixes

• Email: Show recipient instead of sender in Sent and Drafts folder lists
• Email: Embed dropped images as data URLs and prevent duplicate attachments (#163)
• Email: Fix logic for marking email as read in EmailViewer
• Email: Fix archive action passing MouseEvent as argument
• Mailbox: Preserve search filters on push-triggered mailbox refresh (#164)
• Mailbox: Align shared account folders with primary folders (#151)
• Mailbox: Fetch mailboxes on mount in FolderSettings when store is empty
• Mailbox: Improve mailbox deletion error handling
• Calendar: Improve calendar event retrieval by batching requests to avoid server limits (#141)
• Calendar: Compute per-occurrence UTC start/end in recurrence expansion (#116)
• Calendar: Guard against undefined trigger in calendar event alert popover (#143)
• Files: Stream WebDAV PUT uploads to avoid buffering in memory (#162)
• Files: Prune recent files against server nodes on refresh (#146)
• Files: Fix file deletion logic to update recent files and handle errors (#146)
• Files: Extend file drop zone to fill remaining viewport height
• Files: Fallback to application/octet-stream for long MIME types
• Security: Replace unguarded crypto.randomUUID() with safe generateUUID() utility
• Security: Validate plugin HTTP post URL against origin with regression tests
• Security: Allow blob images in CSP for inline drag-and-drop (#163)
• Auth: Resolve settings sync identity mismatch for OAuth/SSO sessions (#127)
• Contacts: Fix address book ID namespacing for shared contacts in create and update operations (#133)
• UI: Fix focused mode expanding beyond screen bounds (#156)
• API: Handle 403 on principal fetch without console error
• API: Enhance error handling in Stalwart API responses

5.42.0 (2026-04-08)

🚀 New feature

• removing A/B testing from the prompt Currently A/B testing opt-in isn't used, so removing it from the CLI (8d5b04ece4)
• changing sonar variable (0d822ade04)
• data-transfer: add directory export/import format (#25867)

🔥 Bug fix

• change return to continue in deleteRelations when using foreign keys (#25857)
• hide legacy options (da9cdfc640)
• contains filter no longer returns empty data (#25810)
• typos in documentation plugin README (4ff54bff36)
• admin: p is not function error (#25663)
• content-manager: pass component schemas when rebuilding list view headers (#25872)
• content-manager: wrap single type displayName with formatMessage (#25880)
• core: relation handling preserves order during unpublish/republish cycles (#25764)
• create-strapi-app: generate .yarnrc.yml for Yarn projects (#25869)
• documentation: use dist extensions path in production (#25863)

📚 Documentation Changes

• fix typos in documentation plugin README (8e11e41247)

⚙️ Chore

• add .claude directory to gitignore (e85aa81cdf)
• sonarqube variables like in their docs (40f9ecd6c7)
• deps: bump minimatch from 10.2.4 to 10.2.5 (#25879)
• deps: bump @xmldom/xmldom from 0.8.6 to 0.8.12 (#25877)
• deps: bump path-to-regexp from 8.2.0 to 8.4.0 (#25850)
• deps: bump undici from 6.24.0 to 6.24.1 (#25785)
• deps: bump handlebars from 4.7.7 to 4.7.9 (#25841)
• deps: bump yauzl from 3.2.0 to 3.2.1 (#25729)
• deps: bump bn.js from 4.12.0 to 4.12.3 (#25691)
• deps: bump js-yaml from 3.14.1 to 3.14.2 (#25680)
• deps: bump mdast-util-to-hast from 13.2.0 to 13.2.1 (#25681)
• deps: bump path-to-regexp from 8.4.0 to 8.4.1 (#25888)
• deps: bump simple-git from 3.21.0 to 3.32.3 (#25704)
• deps: bump file-type from 21.0.0 to 21.3.2 (#25728)
• deps: bump @octokit/plugin-paginate-rest from 9.2.1 to 9.2.2 (#25693)
• deps: bump @octokit/request from 8.4.0 to 8.4.1 (#25694)
• deps: bump picomatch from 2.3.1 to 2.3.2 (#25828)
• deps: bump nodemailer from 8.0.1 to 8.0.4 (#25848)

❤️ Thank You

• Adrien L @Adzouz
• Adrien Lepoutre @Adzouz
• Alexandre BODIN
• Bassel Kanso @Bassel17
• Ben Irvin
• guoyangzhen
• Jamie Howard @jhoward1994
• Joshua Klinesmith
• Simon Norris

✨ New Features & Improvements

• @directus/app
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)
  • added timezone support to datetime display (#26184 by @u12206050)
  • Added comparison modal checkbox to allow viewing only modified fields (#27010 by @robluton)
• @directus/composables
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed alias fields being included when selecting all fields in export (#26775 by @tysoncung)
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Fixed relational field removals inside groups not persisting on draft items (#26917 by @HZooly)
  • Fixed search input not closing when focus changes on keyboard navigation (#26970 by @Zhey-on)
• @directus/api
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Updated lodash, samlify and @xmldom/xmldom dependencies and add defu override (#27033 by @br41nslug)
  • Fixed coercion of stringified JSON in AI assistant tool arguments (#27005 by @bryantgillespie)
  • Added cleanup handlers for disconnected file streams (#26992 by @Champ-Goblem)
• @directus/errors
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)

📦 Published Versions

• @directus/app@15.8.0
• @directus/api@35.0.2
• @directus/composables@11.3.0
• create-directus-extension@11.0.34
• @directus/errors@2.3.1
• @directus/extensions-registry@3.0.24
• @directus/extensions-sdk@17.1.2
• @directus/memory@3.1.7
• @directus/validation@2.0.22

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#6067)
• Updated PHP dependency versions.

What's Changed

• Add more disk I/O metrics (utilization, read/write time, await, queue depth) (#1866)
• Add ability to copy alerts between systems by @svenvg93 (#1853)
• Add SENSORS_TIMEOUT environment variable (#1871)
• Replace distatus/battery with an internal implementation by @svenvg93 (#1872)
• Restrict universal token API to non-superuser accounts (#1870)
• Fix macOS ARM64 crashes by upgrading gopsutil to v4.26.3 (#1881, #796)
• Fix text size for system names in grid view by @Malith-Rukshan (#1860)
• Fix NVMe capacity reporting for Apple SSDs by @svenvg93 (#1873)
• Fix Windows root disk detection when the executable is not on the root disk (#1863)
• Fix nested virtual filesystem inclusion in Docker when mounting host root by @svenvg93 (#1859)
• Fix OPNsense installation persistence by using the daemon user by @svenvg93 (#1880)
• Upgrade JS dependencies with dependabot security alerts by @svenvg93 (#1882)
• Upgrade PocketBase to latest version

New Contributors

• @Malith-Rukshan made their first contribution in #1860

Full Changelog: v0.18.6...v0.18.7